1. Field of the Invention
The present invention relates to a method for making the execution of a computer program secure and a secure electronic entity for implementing a method of that kind.
The invention may be used in particular to make a smart card secure.
2. Description of Related Art
References hereinafter to “making a computer program secure” mean:
- detecting malicious attacks seeking to modify the normal behavior of a computer program, and also
- any processing aimed at making the execution of a computer program reliable, in particular a program executed in an environment subject to very high levels of interference, such as a satellite, or a computer program requiring very high reliability, for example a program controlling a cardiac implant.
Moreover, the expression “computer program” refers to any program, regardless of the computer language and the storage means employed. By way of nonlimiting example, the computer program may be written in machine language, assembler language, C, C++, Java or VHDL. The program may be stored in permanent memory, for example ROM, EEPROM or hard disk, or in volatile memory, for example RAM. The program may equally be implemented in the form of an integrated circuit, for example a field-programmable gate array (FPGA) or an application-specific integrated circuit (ASIC).
The present invention detects an attack intended to modify the execution of a computer program on a secure electronic entity, for example a smart card, a secure PCMCIA card (for example an IBM 4758 card), a USB key or a passport integrating a contactless microchip in one of its pages. It also triggers countermeasures to such attacks.
In particular, the present invention detects attacks that interfere with the operation of an electronic entity, for example so-called fault attacks.
Such attacks seek illegitimately to modify the content or the reading of the content of a register, a memory or a bus, or to oblige a processor not to execute certain instructions of a computer program, or to execute them badly. The attacked computer program may then be executed in a very different way to that in which it was designed to be executed.
Attacks of this kind that are already known in the art include:
- generating a voltage spike at one of the power supply terminals of the processor;
- suddenly increasing its temperature;
- rapidly changing its clock frequency or supply voltage;
- applying a flash of light, a laser beam or an electromagnetic field to a portion of the silicon constituting it.
In the present state of the art, the person skilled in the art knows various ways to make a computer program secure, and in particular to combat attacks by generating faults in a smart card.
A first method consists in installing sensors in the smart card components to detect these attacks.
This kind of method is of restricted efficacy, however, since it is in practice impossible to place sensors over the whole of the surface of the component. Moreover, since the sensors are also made of silicon, it is equally possible to interfere with them or to modify the information that they transmit.
A second prior art method used to make most smart card operating systems secure is based on the use of “semaphores”, and includes:
- a step of modifying the content of a memory area during the execution of a set of critical instructions; and
- a verification step which, by reading the content of the memory area cited above, verifies that the modification step cited above has been carried out.
If the memory area has not been modified, that means that the modification step has not been carried out and consequently that the critical instructions cited above have not been executed correctly.
It will be noted that in the present document the term “semaphore” refers to a concept differing from the process of the same name used in the field of programming concurrent processes.
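The following C program is an added illustration of the semaphore method described above, in the sense this document gives the word (a RAM marker updated during critical instructions and checked afterwards), not the concurrency primitive. It is not code from the patent or from any smart card operating system; the step marks, the update rule, the expected final value and the `skip_mask` parameter, which lets the detection logic be exercised by modelling a step that did not run, are all constructed for this example.

```c
/* Added example: software "semaphore" protection of a critical sequence.
 * Each critical step folds a distinct mark into a RAM word; the verification
 * step compares the word with the value that only the complete, in-order
 * sequence produces. Any skipped, repeated or reordered step yields a
 * different value, which triggers the countermeasure. */
#include <stdint.h>
#include <stdio.h>

/* Constructed constants: one mark per critical step. */
#define STEP1_MARK 0x1D
#define STEP2_MARK 0x2B
#define STEP3_MARK 0x47
#define SEMAPHORE_INIT 0x00
/* Value reached after steps 1, 2, 3 in order with the update rule
 * sem = sem * 31 + mark (mod 256): 0x1D -> 0xAE -> 0x59. */
#define SEMAPHORE_EXPECTED 0x59

enum result { RESULT_OK = 0, RESULT_TAMPERED = 1 };

/* The semaphore lives in working memory (RAM), as the document describes.
 * volatile keeps the compiler from optimising the read-back away. */
static volatile uint8_t g_semaphore;

/* Countermeasure hook. For this offline example it only counts how many
 * times it fired; a real entity would erase sensitive state or halt. */
static int g_countermeasure_count;
static void countermeasure(void) { g_countermeasure_count++; }

/* One critical step. skip_mask models a fault that prevents step `index`
 * from executing (bit `index` set => the step's instructions are skipped).
 * The update rule is order-sensitive, so it also catches reordering. */
static void critical_step(int index, unsigned skip_mask, uint8_t mark)
{
    if (skip_mask & (1u << index)) {
        return; /* modelled fault: this step's instructions did not run */
    }
    /* ... the real critical work would be performed here ... */
    g_semaphore = (uint8_t)(g_semaphore * 31u + mark);
}

/* Runs the protected sequence and performs the verification step. */
enum result run_critical_sequence(unsigned skip_mask)
{
    g_semaphore = SEMAPHORE_INIT;
    critical_step(0, skip_mask, STEP1_MARK);
    critical_step(1, skip_mask, STEP2_MARK);
    critical_step(2, skip_mask, STEP3_MARK);

    /* Verification: read the memory area back and compare. */
    if (g_semaphore != SEMAPHORE_EXPECTED) {
        countermeasure();
        return RESULT_TAMPERED;
    }
    return RESULT_OK;
}

/* Exposes the countermeasure count so a caller can check it fired. */
int countermeasure_fired(void) { return g_countermeasure_count; }

int main(void)
{
    printf("no fault:        %s\n",
           run_critical_sequence(0) == RESULT_OK ? "OK" : "TAMPERED");
    printf("step 2 skipped:  %s\n",
           run_critical_sequence(1u << 1) == RESULT_OK ? "OK" : "TAMPERED");
    printf("countermeasure fired %d time(s)\n", countermeasure_fired());
    return 0;
}
```

The cost the document goes on to discuss is visible here: the semaphore occupies RAM, and every step pays a read-modify-write on it plus a final read and compare, which is why the method is expensive on resource-limited targets such as smart cards.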
The second method, which is implemented by software, does not have the drawbacks of the first method cited above.
Nevertheless, semaphores are conventionally implemented by variables residing in working memory (RAM) and their manipulation (positioning, reading) is relatively slow and costly in terms of memory space. This constraint represents a particularly severe penalty if the program is executed on systems having limited resources (memory, computation power, etc.), such as smart cards. The present invention is aimed at a software method that does not have the above drawbacks.